Add api to list tokens

2026-06-06 05:38:44 +08:00 · 2024-10-29 09:57:22 +08:00
parent 26aa3351f1
commit 0e890794eb
5 changed files with 183 additions and 19 deletions
--- a/routes/api/token/manage.ts
+++ b/routes/api/token/manage.ts
@@ -1,7 +1,7 @@
 import { Handlers } from "$fresh/server.ts";
 import { User } from "../../../db.ts";
 import { get_task_manager } from "../../../server.ts";
-import { parse_big_int } from "../../../server/parse_form.ts";
+import { parse_big_int, parse_bool } from "../../../server/parse_form.ts";
 import { return_data, return_error } from "../../../server/utils.ts";

 export const handler: Handlers = {
@@ -32,11 +32,60 @@ export const handler: Handlers = {
                    return return_error(404, "User not found.");
                }
                if (u.is_admin) {
-                    return return_error(3, "Only root user can delete admin user's token.", 403);
+                    return return_error(
+                        3,
+                        "Only root user can delete admin user's token.",
+                        403,
+                    );
                }
            }
        }
        m.db.delete_token(token.token);
        return return_data(true);
    },
-}
+    async GET(req, ctx) {
+        const user = <User | undefined> ctx.state.user;
+        const data = new URL(req.url).searchParams;
+        let uid = await parse_big_int(data.get("uid"), null);
+        const offset = await parse_big_int(data.get("offset"), null);
+        const limit = await parse_big_int(data.get("limit"), null);
+        const all_user = await parse_bool(data.get("all_user"), false);
+        const m = get_task_manager();
+        if (user) {
+            if (!all_user && uid === null) uid = user.id;
+            if (!user.is_admin && uid && user.id != uid) {
+                return return_error(403, "Permission denied.");
+            }
+            if (user.is_admin && uid && user.id != uid && user.id != 0) {
+                const u = m.db.get_user(uid);
+                if (!u) {
+                    return return_error(404, "User not found.");
+                }
+                if (u.is_admin) {
+                    return return_error(
+                        3,
+                        "Only root user can get admin user's tokens.",
+                        403,
+                    );
+                }
+            }
+            if (user.id != 0 && uid === null) {
+                return return_error(
+                    4,
+                    "Only root user can get all user's tokens.",
+                    403,
+                );
+            }
+        }
+        if (!all_user && uid === null) {
+            return return_error(2, "User id not specified.");
+        }
+        return return_data(
+            m.db.get_tokens(offset, limit, uid).map((e) => {
+                // @ts-ignore Ignore
+                delete e.token;
+                return e;
+            }),
+        );
+    },
+};